Search found 1 match
- Tue Jun 14, 2011 10:39 am
- Forum: NoScript Development
- Topic: forbid @font-face still necessary?
- Replies: 4
- Views: 2700
forbid @font-face still necessary?
Hi NoScript forbids @font-face because a maliciously crafted font could exploit the font parsers that are rather old. Indeed, there has been such a vulnerability, see MFSA 2010-08: WOFF heap corruption due to integer overflow (see also hackademix.net » Why NoScript Blocks Web Fonts ). But is this pr...